How Do You Remove “Rat” software from an iPad?

You have to actually have malware, to start with. Which you don’t.

These messages are scams.

Nothing happened, other than an email with some fascinatingly bogus claims.

Ignore it.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

[How do I know his is nothing? If the scammer had even a fraction of what they claim to have, they’d send you “proof”. Something from your camera roll or photos, etc. But they don’t, and they sent you a generic scam message.]

One of the other common scams will send you a password you’ve used on another website, and when the breached website used weak password hash or worse. if you’re re-using passwords, this scam is way worse than the scam message you just received. If you have not re-used passwords, you can ignore this other password scam, too.

Here’s a longer write-up on one of these scams:

… https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

There are lots of these scam messages around, and the scammers are getting ever-more creative.

As already commented by others, the email that you have received is itself a scam - and is preying upon potential gullibility of the recipient.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

Due to the system architecture of iOS/iPadOS, unless jailbroken (don’t go there!), your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, in addition to scams, there are still technical vulnerabilities and exploits to which you remain vulnerable. For older devices, no longer benefiting from regular security updates, the risk of an unpatched vulnerability being exploited increases.

For iOS/iPadOS, the majority of threats to which you will be invariably exposed will surface via web pages or embedded links within email or received text messages. These browser-based attacks can largely be mitigated on Apple devices by installing a good Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024

1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently. 

Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content blocked form download. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money.  1Blocker has also recently introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker has introduced additional network extensions, extending protection to other Apps.

A further measure to improve protection is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I recommend using one of the following DNS services - in particular Quad9 - for which IPv4 and IPv6 server addresses are listed:

Quad9 (recommended)

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9

OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2

Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001

Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other Content Blocker provides defense in depth.

There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC). Apple has recently introduced its new Private Relay to its iCloud+ subscribers - in part employing DoH as an element of this new functionality.

I hope this information and insight proves to be helpful. 

bb-15 wrote:

I use my iPad almost exclusively. I received a ransomware email claiming to have used RAT software.

The email is phishing for your Apple ID credentials. Please refer to Recognize and avoid phishing messages, phony support calls, and other scams, and If you think your Apple ID has been compromised.

Please note that remote access Trojan malware’s cannot do anything on an un-jailbroken iOS or iPadOS device. The inherent security built into iOS and its file system prevents such malware from accessing system resources, which it would need to do anything.

RATs also have to be downloaded in an infected package to install. On iOS or iPadOS that install is already prevented by the operating system since the malware needs root access to install, and iOS will not allow that access to any program or process.

Even MacOS would require a user to grant admin access to get a RAT infected download to install by typing in their admin password.

So unless you’ve jailbroken your device, you don’t have a RAT (their are indeed some in the wild for packages installable on jailbroken devices).

Again, that hilarious "RAT" message is utter and unmitigated rubbish. A fraud. A lie. Learn from it, delete it, and move on.

This and many other scams are commonplace.

Here is an Apple write-up on just some of the many scams endemic:

... Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

I'm unfamiliar with Spectrum security practices. You'll need to discuss that with them. If they have a security code mechanism available for identifying callers, consider establishing it with them.

It's quite possible the Wi-Fi device is misconfigured or malfunctioning, or that the local Wi-Fi networks are just jammed with competing Wi-Fi networks, or other and far more mundane causes. All that and the usual weak and re-used passwords are a far more common source of issues than are "hackers" and RATs. For the Wi-Fi, get Spectrum out for a look.

Irrespective of why or how or who with that iPad, if you share an Apple device, you'll get misrouted notifications, and other activities will be conflated.

Are hacks technically possible? Sure. They're rare, and so far they've all been targeted. To be blunt, you're almost certainly not worth bothering with a RAT or a device hack or the rest, too. Far more common are exploits using phishing and other such, or reusing passwords, or other security mistakes. Phishing such as that RAT message.

An iPad cannot be reliably shared, particularly if there are other devices associated with the Apple ID. Apple expects a single person associated with a single Apple ID, while sharing an Apple ID ends badly.

When iCloud Keychain is used, the password will be available across all devices sharing the same Apple ID.

Wi-Fi passwords are typically preferred to be fourteen or more characters, given security issues found particularly with older Wi-Fi devices and protocols.

You’ll also want to establish a “PIN” or security code with Spectrum support, if they offer that PIN or passcode.

The easiest ways to “hack” here are to hack (***, scam) you, to “hack” their proximity and physical access to you and/or to your devices, or to “hack” (***, scam) Spectrum support (claiming to be you).

You’ll need to discuss this router and this email password issue with Spectrum support.

You’re sharing an iPad, on Spectrum. You’re unlikely to be worth a million dollar hack.

If you are a political dissident, investigative journalist, have access to sensitive or classified or substantial financial data, these calculations might shift, and you will want and need actual tailored security advice. For most of us, we’re scammed, not hacked. Or some glitch or outage or failure causes problems.

Whether this is an iCloud bug, some other sort of social engineering, weak passwords here or elsewhere, Spectrum glitches or outages (reports of those Spectrum outages and glacial performance this week in various places, too), there’s almost certainly a mundane explanation.

So far, there’s no clear indication of compromise, either.